
winbindd: use passdb backend for well-known SIDs

On a DC well-known SIDs like S-1-1-0 (everyone) *must* be handled by the
local domain, otherwise something simple like this fails with
WBC_ERR_DOMAIN_NOT_FOUND:

$ make testenv SELFTEST_TESTENV=nt4_dc SCREEN=1

localnt4dc2$ ./bin/wbinfo --sid-to-name S-1-1-0
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-1-0

On a member server asking our DC works and is what we're currently
doing, but changing it to ask passdb avoids the overhead.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme 2017-03-30 23:41:59 +02:00 committed by Jeremy Allison
parent 3a9ea1873c
commit 6b7a14b4b9
2 changed files with 9 additions and 6 deletions


@ -22,14 +22,12 @@
^samba3.raw.samba3hide.samba3hide\((nt4_dc|ad_dc)\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.samba3closeerr.samba3closeerr\(nt4_dc\) # This test fails against an smbd environment with NT ACLs enabled
^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(nt4_dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet.
^samba3.raw.acls nfs4acl_xattr-simple.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.generic\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.sd\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_file\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.create_dir\(nt4_dc\)
^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(nt4_dc\)


@ -1009,12 +1009,19 @@ struct winbindd_domain *find_our_domain(void)
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
{
/* SIDs in the S-1-22-{1,2} domain should be handled by our passdb */
DBG_DEBUG("SID [%s]\n", sid_string_dbg(sid));
/*
* SIDs in the S-1-22-{1,2} domain and well-known SIDs should be handled
* by our passdb.
*/
if ( sid_check_is_in_unix_groups(sid) ||
sid_check_is_unix_groups(sid) ||
sid_check_is_in_unix_users(sid) ||
sid_check_is_unix_users(sid) )
sid_check_is_unix_users(sid) ||
sid_check_is_wellknown_domain(sid, NULL) ||
sid_check_is_in_wellknown_domain(sid) )
{
return find_domain_from_sid(get_global_sam_sid());
}
@ -1023,8 +1030,6 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
* one to contact the external DC's. On member servers the internal
* domains are different: These are part of the local SAM. */
DEBUG(10, ("find_lookup_domain_from_sid(%s)\n", sid_string_dbg(sid)));
if (IS_DC || is_internal_domain(sid) || is_in_internal_domain(sid)) {
DEBUG(10, ("calling find_domain_from_sid\n"));
return find_domain_from_sid(sid);
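Review bot: The new comment above the `if` in find_lookup_domain_from_sid says well-known SIDs "should be handled by our passdb" but not why, so the rationale lives only in the commit message. I would extend it with something like `* On a DC nothing else resolves well-known SIDs such as S-1-1-0 (wbinfo fails with WBC_ERR_DOMAIN_NOT_FOUND); on a member this avoids asking our DC.` Since this condition decides which backend is authoritative for a SID lookup, the comment should also say what `sid_check_is_wellknown_domain()` and `sid_check_is_in_wellknown_domain()` are expected to match. Presumably that is only the well-known authority SIDs and their direct RIDs, never account-domain SIDs, but the helpers are defined outside this section, so that needs confirming. The function body continues past the last hunk shown.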